The following patch creates a new event, login_prompt, which you can then
examine in your policy script. The "right" approach would be to modify
Bro to send up the entire Telnet environment, since it's already extracting
$DISPLAY and $TERM as well as now $TTYPROMPT; but for expediency I just
added $TTYPROMPT as a separate event, similar to the other two.
This will be incorporated in the next "current" release.
Vern
*** Login.cc 2002/09/15 16:14:31 1.11
--- Login.cc 2002/10/03 00:13:16